[10] Windows PowerShell DSC Learning Series: How the Target Node and the Pull Server Communicate Under the Hood

Original post, 2017-01-25 13:45:20

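In this section I capture packets with Wireshark and analyze how the target node communicates with the Pull server. Note that my machine has Windows Management Framework 5.1 installed; with other versions the request URIs may differ. First install Wireshark, then have it listen on port 8080 of the Pull server.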

(1) GET /PSDSCPullServer.svc/Action/ConfigurationContent request

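Once the client node has registered successfully, it immediately contacts the pull51w2k12nssl server and, using the ConfigurationID set on the client machine, fetches the latest MOF file.

As shown in the figure below.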

Request:

The target node sends a GET request to the Pull Server (pull51w2k12nssl) to fetch the ConfigurationContent.

GET /PSDSCPullServer.svc/Action(ConfigurationId='262c2f84-38e0-4610-b771-10e3f72281b6')/ConfigurationContent HTTP/1.1
ProtocolVersion: 2.0
Host: pull51w2k12nssl:8080

Response:

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 3000
Content-Type: application/octet-stream
Server: Microsoft-IIS/8.5
ProtocolVersion: 2.0
Prefer: return-content
Checksum: F947C9A459FA6C777387BA67CA13844BFC40A624400E079CA8DAD9802F68EF90
ChecksumAlgorithm: SHA-256
X-Content-Type-Options: nosniff
request-id: 28c7ae25-76ba-0001-27b0-c728ba76d201
DataServiceVersion: 1.0;
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 25 Jan 2017 06:08:19 GMT

/*
@TargetNode='dscc51w2008nssl'
@GeneratedBy=Admin
@GenerationDate=01/24/2017 13:16:13
@GenerationHost=PULL51W2K12NSSL
*/
instance of MSFT_FileDirectoryConfiguration as $MSFT_FileDirectoryConfiguration1ref
{
 ResourceID = "[File]DirectoryCopy";
 Type = "Directory";
 Ensure = "Present";
 DestinationPath = "C:\\Users\\Public\\target";
 ModuleName = "PSDesiredStateConfiguration";
 SourceInfo = "C:\\dsc\\FileResourceCopy.ps1::8::9::File";
 Recurse = True;
 SourcePath = "C:\\Users\\Public\\demo";
 ModuleVersion = "1.0";
 ConfigurationName = "FileResourceCopy";
};
instance of MSFT_LogResource as $MSFT_LogResource1ref
{
 SourceInfo = "C:\\dsc\\FileResourceCopy.ps1::17::9::Log";
 ModuleName = "PsDesiredStateConfiguration";
 ResourceID = "[Log]AfterDirectoryCopy";
 Message = "Finished running the file resource with ID DirectoryCopy";
 ModuleVersion = "1.0";
 DependsOn = {"[File]DirectoryCopy"};
 ConfigurationName = "FileResourceCopy";
};
instance of OMI_ConfigurationDocument
{
 Version="2.0.0";
 MinimumCompatibleVersion = "1.0.0";
 CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
 Author="Admin";
 GenerationDate="01/24/2017 13:16:13";
 GenerationHost="PULL51W2K12NSSL";
 Name="FileResourceCopy";
};
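The response above carries Checksum and ChecksumAlgorithm headers next to the MOF body. The following is an added example, not code from the original post or from DSC itself, that parses such a response and checks the body against those headers. It assumes the checksum is the uppercase hex SHA-256 of the body bytes; the mapping of each failure to a status code from this page's table is also an assumption, and the sample response is constructed.

```python
import hashlib

# Status codes from the table on this page; which code the real LCM reports
# in each case below is an assumption of this example.
OK, UNEXPECTED_RESPONSE, CHECKSUM_MISMATCH, BAD_ALGORITHM = 0, 3, 5, 25
ALGORITHMS = {"SHA-256": hashlib.sha256}


def parse_http_response(raw):
    """Split a raw HTTP/1.1 response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def check_configuration_content(raw):
    """Return the status code this example assigns to a ConfigurationContent reply."""
    status, headers, body = parse_http_response(raw)
    if status != 200 or "checksum" not in headers:
        return UNEXPECTED_RESPONSE
    if headers.get("content-length") != str(len(body)):
        return UNEXPECTED_RESPONSE  # truncated or padded body
    hasher = ALGORITHMS.get(headers.get("checksumalgorithm"))
    if hasher is None:
        return BAD_ALGORITHM
    if hasher(body).hexdigest().upper() != headers["checksum"].upper():
        return CHECKSUM_MISMATCH
    return OK


def build_sample(body, checksum, algorithm="SHA-256", status="200 OK"):
    """Constructed response shaped like the capture (not real traffic)."""
    head = (f"HTTP/1.1 {status}\r\n"
            f"Content-Length: {len(body)}\r\n"
            "Content-Type: application/octet-stream\r\n"
            f"Checksum: {checksum}\r\n"
            f"ChecksumAlgorithm: {algorithm}\r\n\r\n")
    return head.encode("ascii") + body


# Constructed MOF fragment; its hash is computed here, not taken from the page.
SAMPLE_MOF = b'instance of OMI_ConfigurationDocument\n{\n Name="FileResourceCopy";\n};\n'
SAMPLE_CHECKSUM = hashlib.sha256(SAMPLE_MOF).hexdigest().upper()
```

Because the Checksum header travels in the same response as the body, this check catches corruption and stale files; protecting the MOF against modification in transit requires HTTPS on the pull endpoint.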

Looking at the C:\Windows\system32\Configuration directory shows that the Current.mof file has been downloaded successfully.

Directory: C:\Windows\system32\Configuration
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        1/24/2017   2:59 PM                BaseRegistration
d-----        1/24/2017   2:59 PM                ConfigurationStatu
d-----        1/25/2017   2:08 PM                ConfigurationStatus
d-----        1/24/2017   2:59 PM                PartialConfigurations
d-----        1/24/2017   2:59 PM                Registration
d-----        1/24/2017   2:59 PM                Schema
-a----        1/25/2017   2:08 PM           3222 Current.mof
-a----        1/25/2017   1:53 PM             64 Current.mof.checksum
-a----        1/25/2017   2:09 PM            540 DSCEngineCache.mof
-a----        1/25/2017   2:09 PM           1858 DSCResourceStateCache.mof
-a----        1/25/2017   2:08 PM           1360 DSCStatusHistory.mof
-a----        1/25/2017   1:53 PM           1864 MetaConfig.mof

The Pull server returns the ConfigurationContent based on the ConfigurationID.

After a successful download, the node places the MOF file obtained above in the C:\Windows\system32\Configuration directory.

PS C:\Windows\system32\Configuration> dir

If the node is configured to fetch its configuration by Configuration name instead, the URI looks like this:

GET /PSDSCPullServer.svc/Nodes(AgentId='199404F3-E202-11E6-80B8-BE117D36B7A4')/Configurations(ConfigurationName='unzipFile')/ConfigurationContent HTTP/1.1
ProtocolVersion: 2.0
Host: pull51w2k12nssl:8080

http://10.33.2.86:8080//PSDSCPullServer.svc/

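(2) First POST GetAction HTTP request

After the target node has executed successfully, it reports its execution status back to the Pull server.

The target node sends a POST request to the Pull Server (pull51w2k12nssl).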

Request:

POST /PSDSCPullServer.svc/Action(ConfigurationId='262c2f84-38e0-4610-b771-10e3f72281b6')/GetAction HTTP/1.1
Accept: application/json
ProtocolVersion: 2.0
Content-Type: application/json; charset=utf-8
Host: pull51w2k12nssl:8080
Content-Length: 150
Expect: 100-continue
Connection: Keep-Alive

{"Checksum":"F947C9A459FA6C777387BA67CA13844BFC40A624400E079CA8DAD9802F68EF90","NodeCompliant":"False","ChecksumAlgorithm":"SHA-256","StatusCode":"0"}


Response:

pull51w2k12nssl replies with:

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 102
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Server: Microsoft-IIS/8.5
ProtocolVersion: 2.0
X-Content-Type-Options: nosniff
request-id: 28c7ae25-76ba-0000-40af-c728ba76d201
DataServiceVersion: 3.0;
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 25 Jan 2017 05:30:58 GMT

{"odata.metadata":"http://pull51w2k12nssl:8080/PSDSCPullServer.svc/$metadata#Edm.String","value":"Ok"}


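The POST above carries several JSON key-value pairs; they are described below.


@NodeCompliant

Whether the target node's configuration is in sync with the configuration stored on the Pull server.

@Status Code

The target node uploads a status code to the Pull server that gives the status of its last pull operation. What do these status codes mean?

See the descriptions below.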

Status Code   Description
-----------   -----------
0             Pull operation was successful
1             Download Manager initialization failure
2             Get configuration command failure
3             Unexpected get configuration response from pull server
4             Configuration checksum file read failure
5             Configuration checksum validation failure
6             Invalid configuration file
7             Available modules check failure
8             Invalid configuration Id In meta-configuration
9             Invalid DownloadManager CustomData in meta-configuration
10            Get module command failure
11            Get Module Invalid Output
12            Module checksum file not found
13            Invalid module file
14            Module checksum validation failure
15            Module extraction failed
16            Module validation failed
17            Downloaded module is invalid
18            Configuration file not found
19            Multiple configuration files found
20            Configuration checksum file not found
21            Module not found
22            Invalid module version format
23            Invalid configuration Id format
24            Get Action command failed
25            Invalid checksum algorithm
26            Get Lcm Update command failed
27            Unexpected Get Lcm Update response from pull server
28            Invalid Refresh Mode in meta-configuration
29            Invalid Debug Mode in meta-configuration


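(3) POST GetAction HTTP request sent at a fixed interval

After the target node has executed successfully, it reports its execution status back to the Pull server (pull51w2k12nssl). Note that this request is sent periodically.

In the example below the NodeCompliant status has changed to True, because this is the second time the request is sent.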


Request:
POST /PSDSCPullServer.svc/Action(ConfigurationId='262c2f84-38e0-4610-b771-10e3f72281b6')/GetAction HTTP/1.1
Accept: application/json
ProtocolVersion: 2.0
Content-Type: application/json; charset=utf-8
Host: pull51w2k12nssl:8080
Content-Length: 150
Expect: 100-continue
Connection: Keep-Alive

{"Checksum":"F947C9A459FA6C777387BA67CA13844BFC40A624400E079CA8DAD9802F68EF90","NodeCompliant":"True","ChecksumAlgorithm":"SHA-256","StatusCode":"0"}


Response:

pull51w2k12nssl replies with:

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 102
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Server: Microsoft-IIS/8.5
ProtocolVersion: 2.0
X-Content-Type-Options: nosniff
request-id: 28c7ae25-76ba-0000-40af-c728ba76d201
DataServiceVersion: 3.0;
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 25 Jan 2017 05:30:58 GMT

{"odata.metadata":"http://pull51w2k12nssl:8080/PSDSCPullServer.svc/$metadata#Edm.String","value":"Ok"}
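The GetAction reports in sections (2) and (3), together with the status code table, lend themselves to automated triage. The following is an added example, not code from the original post or from DSC, that parses raw GetAction requests and classifies each report against the checksum published for its ConfigurationId. The verdict names, the grouping of checksum-related codes and the `published` mapping are assumptions of this example; the sample requests are constructed from the values shown in the capture.

```python
import json
import re

# Values copied from the capture on this page.
CONFIG_ID = "262c2f84-38e0-4610-b771-10e3f72281b6"
CHECKSUM = "F947C9A459FA6C777387BA67CA13844BFC40A624400E079CA8DAD9802F68EF90"
# Table codes that concern checksum handling (grouping is this example's choice).
CHECKSUM_CODES = {4, 5, 12, 14, 20, 25}
URI = re.compile(r"^POST \S*/Action\(ConfigurationId='([0-9a-fA-F-]{36})'\)/GetAction ")


def parse_get_action(raw):
    """Return (configuration_id, report dict) for one raw GetAction request."""
    head, _, body = raw.partition("\r\n\r\n")
    match = URI.match(head)
    if match is None:
        raise ValueError("not a GetAction request")
    return match.group(1).lower(), json.loads(body)


def triage(raw_requests, published):
    """Classify each report against the checksum published per ConfigurationId."""
    findings = []
    for raw in raw_requests:
        config_id, report = parse_get_action(raw)
        code = int(report["StatusCode"])  # values arrive as JSON strings
        if code in CHECKSUM_CODES:
            verdict = "checksum-failure"
        elif code != 0:
            verdict = "pull-failure"
        elif config_id not in published:
            verdict = "unknown-configuration"
        elif report["Checksum"].upper() != published[config_id]:
            verdict = "unexpected-checksum"
        elif report["NodeCompliant"] != "True":
            verdict = "not-yet-compliant"
        else:
            verdict = "ok"
        findings.append((config_id, code, verdict))
    return findings


def sample_request(checksum, compliant, code, config_id=CONFIG_ID):
    """Constructed request shaped like the captures on this page."""
    body = json.dumps({"Checksum": checksum, "NodeCompliant": compliant,
                       "ChecksumAlgorithm": "SHA-256", "StatusCode": code})
    return (f"POST /PSDSCPullServer.svc/Action(ConfigurationId='{config_id}')"
            "/GetAction HTTP/1.1\r\nContent-Type: application/json\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")
```

Here `published` stands for the contents of the server-side `<ConfigurationId>.mof.checksum` files, keyed by ConfigurationId.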

(4) If the MOF file on the Pull server has been deleted, the Pull server returns a 404 status code

Request:

POST /PSDSCPullServer.svc/Action(ConfigurationId='262c2f84-38e0-4610-b771-10e3f72281b6')/GetAction HTTP/1.1
Accept: application/json
ProtocolVersion: 2.0
Content-Type: application/json; charset=utf-8
Host: pull51w2k12nssl:8080
Content-Length: 150
Expect: 100-continue
Connection: Keep-Alive

{"Checksum":"F947C9A459FA6C777387BA67CA13844BFC40A624400E079CA8DAD9802F68EF90","NodeCompliant":"True","ChecksumAlgorithm":"SHA-256","StatusCode":"0"}


Response:

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Content-Length: 2195
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Server: Microsoft-IIS/8.5
ProtocolVersion: 2.0
X-Content-Type-Options: nosniff
request-id: 28c7ae25-76ba-0001-b3b4-c728ba76d201
DataServiceVersion: 3.0;
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 25 Jan 2017 07:23:25 GMT


{"odata.error":{"code":"","message":{"lang":"en-US","value":"Checksum file not located for 
C:\\Program Files\\WindowsPowerShell\\DscService\\Configuration\\262c2f84-38e0-4610-b771-10e3f72281b6.mof.checksum."},
"innererror":{"message":"Checksum file not located for C:\\Program Files\\WindowsPowerShell\\DscService\\Configuration
\\262c2f84-38e0-4610-b771-10e3f72281b6.mof.checksum.","type":"System.IO.FileNotFoundException","stacktrace":""},
"MODATA.Exception.ErrorRecord":{"odata.type":"MODATA.Exception.DataServiceException","ErrorCode":"",
"MessageLanguage":"en-US","StatusCode":404,"Message":"Checksum file not located for C:\\Program Files\\WindowsPowerShell
\\DscService\\Configuration\\262c2f84-38e0-4610-b771-10e3f72281b6.mof.checksum.",
"Data":[],"InnerException":{"Message":"Checksum file not located for C:\\Program Files\\WindowsPowerShell\\DscService
\\Configuration\\262c2f84-38e0-4610-b771-10e3f72281b6.mof.checksum.","Data":[],"InnerException":null,"TargetSite":null,
"StackTrace":null,"HelpLink":null,"Source":null,"HResult":-2147024894},"TargetSite":null,"StackTrace":"   
at Microsoft.Management.Odata.Core.OperationManagerAdapter.InvokeMethod(IInvoker invoker, String functionName, 
String resourceTypeName, Boolean ignoreNotImplementedException)\r\n   at Microsoft.Management.Odata.Core.
OperationManagerAdapter.InvokeOperationManagerFunction[T](Func`1 func, String functionName, String resourceTypeName, 
Boolean ignoreNotImplementedException, T defaultResultForNotImplementedException)\r\n   at Microsoft.Management.Odata.
Core.OperationManagerAdapter.InvokeAction(ResourceType resourceType, IEnumerable`1 resourceKeys, String actionName,
 IEnumerable`1 inputParameters, ResourceType returnType)\r\n   at Microsoft.Management.Odata.Core.DataServiceInvokable.
InvokeActionOnAst(RequestAstNode root)\r\n   at Microsoft.Management.Odata.Core.DataServiceInvokable.Invoke()\r\n   
at Microsoft.Management.Odata.Core.DataServiceUpdateProvider.SaveChanges()\r\n   at System.Data.Services.DataService`
1.HandleNonBatchRequest(RequestDescription description)\r\n   at System.Data.Services.DataService`1.HandleRequest()",
"HelpLink":null,"Source":"Microsoft.Management.OData","HResult":-2146233079}}}

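As the HTTP 404 response above shows, the server also returns the specific cause of the error; the body includes the full server-side path of the missing checksum file and a .NET stack trace.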

(5) Fetching a Module and resource from the server with a GET request returns a 404 error

GET http://pull51w2k12nssl:8080/PSDSCPullServer.svc/Module(ConfigurationId='262c2f84-38e0-4610-b771-10e3f72281b6',ModuleName='xPSDesiredStateConfiguration',ModuleVersion='5.1.0.0')/ModuleContent HTTP/1.1
ProtocolVersion: 2.0
Host: pull51w2k12nssl:8080
Content-Length: 4

If the corresponding Module has not been prepared on the Pull Server, a 404 Not Found error is returned.

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Content-Length: 224
Content-Type: application/xml;charset=utf-8
Server: Microsoft-IIS/8.5
ProtocolVersion: 2.0
Prefer: return-content
X-Content-Type-Options: nosniff
request-id: 28c7ae25-76ba-0000-f1b1-c728ba76d201
DataServiceVersion: 1.0;
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 25 Jan 2017 08:19:47 GMT

<?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code /><m:message xml:lang="en-US">Resource not found for the segment 'Module'.</m:message></m:error>


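Solution:

Copyright notice: this is an original article by the blog author and may not be reproduced without the author's permission.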
